How to reduce the cost of cybersecurity responsibly

With the economy taking a turn for the worse, you may be looking for ways to cut your business spending. However, when it comes to cybersecurity, you can’t afford to be complacent – cutting back on this could cost you more in the long run if you lay yourself open to cyberattacks. So, here we look at how you can reduce the cost of cybersecurity responsibly and stay safe online.

Risks are rising

When you consider the potential impact a cyberattack could have on your business, you want to be sure you’re protected as securely as possible. According to a study by Trend Micro, 60% of small businesses close within six months of a cyberattack. And, even if your organisation survives an attack, the cost of cybercrime can be crushing, as a study by Cisco found that 40% of small businesses hit by a severe cyberattack experienced at least eight hours of downtime.

You can’t afford to think that it won’t happen to you. Cybercrime incidents are now commonplace. According to the UK government’s Cyber Security Breaches Survey 2022, 39% of UK businesses had identified a cyberattack in the past 12 months. And those companies that reported a material outcome, such as loss of money or data, experienced an estimated average cost of £4,200. But, where only medium and large businesses were considered, this figure rose to £19,400.

Unfortunately, experts are also predicting that with the cost-of-living crisis, cyberattacks will rise even further as cybercriminals step up their efforts. And the indications are that this is already happening. According to the 2022 State of Phishing report from SlashNext, phishing attacks increased by 61% in 2022. The Anti-phishing Working Group (APWG) also reported that there were three million phishing attacks in the third quarter of the year. This was the worst quarter it had ever seen. In addition, the percentage of users affected by targeted ransomware doubled in the first 10 months of 2022, according to Kaspersky Lab.

Worried about rising IT costs? Check out our guide to protecting your business on a budget.

The cost of cybersecurity

As rates of cybercrime have gone up, so has the cost of cybersecurity that can protect your business from so many risks. Organisations therefore often find that their spending on cybersecurity is substantial. For example, the Pursuing Cybersecurity Maturity at Financial Institutions report by Deloitte and the Financial Services Information Sharing and Analysis Center revealed that banks, insurance companies, investment managers, and other financial services companies spend between 6% and 14% of their IT budget on cybersecurity. This is approximately 0.2% to 0.9% of company revenue.

In light of these risks, how do you cut the cost of cybersecurity for your business responsibly without suffering severe consequences? When considering cost-cutting in this area, it’s vital that you strike a sensible balance between saving money and safeguarding your business. Well, thankfully, there are various measures you can take which will protect your business while keeping the cost of cybersecurity down.

Assess, prioritise and manage risks

The key to cutting the cost of cybersecurity responsibly is to assess, prioritise and manage risks. If your business has been operating for a while, the first step is to take stock of what tools are already in place. There may be some duplication, which you can remove to start making savings. You could also consolidate tools and use more automation, to improve efficiency without impacting your level of cybersecurity protection. 

It’s impossible to guarantee 100% protection from every threat, but you can focus on limiting the most likely ones. One risk it pays to address is the threat of phishing attacks. Data shows that 91% of all cyberattacks start with a phishing email, so prioritise your defences against this. Phishing is a type of social engineering attack, whereby a cybercriminal sends a message intended to trick the recipient into revealing sensitive data or downloading malware. So, ensuring that your employees receive good cybersecurity awareness training will reduce the chance of such attacks succeeding. This can be a relatively low-cost cybersecurity measure and sets your staff up as a human firewall to safeguard your business.

While it’s vital to protect your business network, having an in-house IT team to manage your cybersecurity can be expensive, so you could also explore the alternatives, such as deploying a comprehensive cybersecurity solution. For example, with CyberSmart Active Protect, you can protect every device in your business, around the clock, with no need for an in-house team, expensive tools, or specialist expertise. This also provides the invaluable cybersecurity staff training you need to strengthen your defences.

Step up your cyber hygiene

Another important step you can take to keep your business secure and the cost of cybersecurity down is to boost your cyber hygiene. This involves adopting rigorous, proactive procedures to protect against cyber threats, such as:

Backing up all data

Ensure all data is backed up to a secondary source, such as cloud storage, to help prevent your information from being lost in a security breach. This may sound obvious, but it’s often overlooked.

Using good password management

Use unique, complex, and regularly updated passwords. You could also consider using a password manager app to generate new ones each time and store them safely.

Updating your software

Regularly review and update all your software to ensure you’ve got the latest protection against security threats.

Limiting access

Only give login details to employees for the systems they really need access to, and limit admin-level access to those who must have it. This can help prevent any employee-related security issues.

Providing company devices

Avoid letting employees use their own devices, if possible. It gives you more control over where your data is and keeps you safe if an employee leaves your business.

Free online guidance

If you run a small business and want to improve your cybersecurity without breaking the bank, check out the National Cyber Security Centre’s Small Business Guide: Cyber Security. This offers practical, affordable advice. 

It explains simple measures you can take to protect your organisation from malware, such as ensuring that your firewall is switched on. It’s important that you have secure internet connectivity, and a firewall creates a ‘buffer zone’ between your network and external networks. This is a straightforward step to take, as most popular operating systems now include a firewall.

Further free and invaluable advice, more appropriate for medium and large businesses, on how to build strong cybersecurity is also available via the National Cyber Security Centre’s 10 Steps to Cyber Security.

Cyber Essentials certification

Finally, if you want to keep the cost of cybersecurity down as responsibly as possible, you should gain Cyber Essentials certification. This is a cost-effective, UK government-backed scheme which covers everything your business needs to do to protect itself from cyberattacks. Simply by being certified, you can reduce your cyber risks by up to 98.5%.

This could also bring welcome new business your way, as it’s a great way to demonstrate to new customers that you take cybersecurity seriously. It also gives you the ability to bid for government tenders that require Cyber Essentials certification. What’s more, if you gain your certification with us, you get £25k free enhanced cyber insurance, for added peace of mind.

Cautious cost-cutting

Reducing the amount you spend on cybersecurity responsibly is possible, but should be carried out with caution. However, with the right know-how, you can keep expenditure down and ensure your business has the strong cybersecurity protection it needs.

Want to know more? Discover how to protect your business on a budget in our cost of living crisis guide.
